CALIFORNIA HIGH-SPEED RAIE AUTHORITY 
AUDIT DIVISION CHARTER 


General 

The California High-Speed Rail Authority (Authority) Audit Division provides independent 
evaluation and consultation services to management and the Authority board. The Audit 
Division provides objective evaluations, opinions and recommendations concerning operational 
and programmatic deficiencies and internal and external risks to the organization; strategies for 
managing organizational risks; and optimization of the internal control environment. 


Purpose 

The purpose of this Audit Charter is to provide guidance and assistance to the Authority and the 
Audit Division in fulfilling oversight responsibilities for the financial and operational reporting 
processes within the Authority. The charter establishes the responsibility of the Audit Division 
in the areas of organizational risk management, the Authority’s system of internal control, and 
the process for monitoring compliance with laws and regulations governing the Authority’s 
operations. 


Authority 

Authority is cited in the following regulations: 

• Government Code section 13885 et seq. 

• California State Administrative Manual, Chapter 20000: Section 30 “Internal Audit 
Organizations”; Section 40 “Audit Standards”; Section 50 “Internal Control”; and Section 
60 “Internal Control Reporting”. 

• Government Code sections 13400 to 13407 - “Financial Integrity and State Manager’s 
Accountability Act of 1983”. 


Mission 

The mission of the Audit Division is to assist management in accomplishing the Authority’s 
strategic objectives by bringing a value-added, risk-based approach to independently review, test, 
evaluate and improve the effectiveness and efficiency of administrative functions, computer- 
based information systems and program processes throughout the Authority. 


Access 

The Audit Division staff are authorized to review, identify risks, and make recommendations for 
risk mitigation in all areas of the Authority’s operations, including but not limited to, contracting 
processes and contract oversight, personnel practices, procurement practices, fiscal programs and 
practices, accountability for property, physical security and security of data and information. 
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The Audit Division staff shall have full, free and unrestricted access to all of the Authority’s 
functions, records, files, information systems, personnel, contractors, physical properties, rental 
locations, vendors and any other items and staff relevant to the function, process or 
organizational unit under review. 


Confidentiality 

Documents and information provided to the Audit Division shall be handled in the same prudent 
and confidential manner as by those employees normally accountable for them. The Manager of 
the Audit Division shall ensure that audit staff is instructed in the handling and safeguarding of 
confidential information and shall be responsible for maintaining such confidentiality. 


Objectives and Scope 

Auditing Objectives: 

The objectives of auditing services performed by the Audit Division are to provide independent 
assurance that: 

• there is an established system of relevant and effective policies and procedures for the 
performance of duties and functions; 

• there is accuracy and reliability in the generation and reporting of data and information 
from staff to management and management to the Authority Board; 

• there is an effective system of authorization and access to Authority data and information 
and assets and that assets are safeguarded; 

• there is an appropriate plan for separation of duties; 

• there is effective and efficient operation of administration and program processes; and 

• administrative functions and programs are in compliance with prescribed laws and 
management policies. 


Scope: 

The scope of work of the Audit Division is to determine whether the operational and 
administrative environment is in conformance with the Authority’s current Strategic Plan 
(Ensure that the Authority has sound internal controls) and is adequate to ensure that: 

• programs are operating within the highest fiduciary standards and in accordance with 
applicable laws and approved policies; 

• programs and processes are consistent with governmental best practices; 

• legislative and/or regulatory issues are recognized and addressed appropriately; 
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• operations and processes are consistent with the strategic plan; 

• existing policies and procedures are appropriate and updated; 

• risks within and outside of the Authority are appropriately identified and managed; 

• financial, managerial, and operating information is accurate, reliable, and timely; 

• resources are acquired economically, used efficiently, and adequately protected; 

• contractors are meeting the objectives of their contracts, while in conformance with 
applicable laws, regulations, policies, procedures and best practices; 

• responsibilities and activities of internal auditors are coordinated with those of external 
auditors to avoid duplication of efforts; 

• appropriate access for auditors and investigators of the state and federal governments is 
provided; and 

• specific operations, processes or programs are reviewed at the request of the Chief 
Executive Officer (CEO). 


Independence 

The Audit Division reports administratively to the CEO and functionally to the Authority Board. 
The CEO is responsible for review and acceptance of draft audit reports, for assignment of draft 
audit reports to staff to ensure preparation of adequate responses to audit deficiencies, and for 
ensuring implementation of audit recommendations. 


Responsibilities and Accountability 

It is the responsibility of the Audit Division to conduct reviews of the Authority’s program and 
administrative control systems to determine if the control systems are operating in accordance 
with management's instructions, policies, and procedures, and in a manner which supports the 
attainment of strategic goals and objectives. In addition, the Audit Division is responsible for: 

• Reporting the results of examinations to management personnel of sufficient authority to 
ensure that appropriate action is taken with respect to any deficiency noted; 

• Assessing management’s action plans proposed to correct reported conditions. If an 
action plan is considered unsatisfactory, it is the responsibility of the Audit Division to 
conduct further discussions with program and executive management to achieve 
satisfactory resolution; 

• Coordinating external audit activities; 
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• Participating as an advisor in the planning, design, development, and implementation of 
major computer-based systems to determine whether adequate controls are incorporated 
in the systems; adequate system development life cycle disciplines are followed 
throughout the project; and system documentation is complete and accurate; 

• Participating in the initial stages of major new non-technology projects so that risks can 
be appropriately identified and managed and to ensure that internal controls are 
incorporated in the design phase; 

• Submitting annual audit plans to the CEO and the Board for review and approval, and 
reporting regularly on progress toward implementation of annual plans; 

• Reporting to the CEO and the Board as to whether appropriate action has been taken on 
audit findings; whether audit activities have been directed toward the areas of highest 
exposures to risk with an emphasis on increasing efficiency, economy, and effectiveness 
of operations and attainment of program objectives; whether internal and external audits 
are coordinated so as to avoid duplication; whether audit plans are adequate; and whether 
there are any restriction to access. 

• Reporting to the appropriate state entity any audit findings that may be considered 
material and/or egregious and reporting to the CEO and the Board and the appropriate 
division chiefs to provide an update on corrective actions and to notify them of any 
uncorrected deficiencies in their respective operational areas. 

• The Manager of the Audit Division is responsible for convening quarterly meetings of the 
CEO and division chiefs whose divisions have any uncorrected findings or conditions 
included in the audit follow-up to update corrective action status thereby allowing the 
CEO to better ensure prompt corrective action by all responsible parties. 


Professional Standards 

The Audit Division shall adhere to the following professional standards: 

• International Professional Practice Eramework (IPPE) which states that the Definition of 
Internal Auditing, the Code of Ethics, and the Standards and Interpretations are 
mandatory (Section 1010). 

• Generally Accepted Government Auditing Standards (GAGAS) from the United States 
General Accounting Office (GAO), as applicable. 

• Other professional standards as recommended or required by the Office of Audits and 
Evaluations (Department of Einance), the Bureau of State Audits and/or other State 
control agencies that may be applicable. 

In addition to the formal professional audit standards referenced above, staff of the Authority’s 

Audit Division shall adhere to the ethical rules and principles in the Appendix to this charter. 
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Relationship to the Risk Management and Internal Control Programs 

The Audit Division will aid management by evaluating its risk management system during each 
audit and consulting engagement. The Audit Manager will ensure that reports of any existing 
operational risks and mitigation efforts are made to the executive management of the Authority 
in conformance with the performance measures and strategies identified in the Authority’s 
current Strategic Plan. 


Approval 

This Audit Division Charter is transmitted to the Chair of the Board and the Chief Executive 
Officer and is effective upon approval by the Chair of the Board and the Chief Executive Officer 
on the date indicated below. 

Approved 

Chief Executive Officer Date 

Approved: 

Chair, Authority Board Date 
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APPENDIX 


INTERNAL AUDITING 


Definition of Internal Auditing 

Internal auditing is an independent, objective assurance and consulting activity designed to add 
value and improve an organization's operations. It helps an organization accomplish its 
objectives by bringing a systematic, disciplined approach to evaluate and improve the 
effectiveness of risk management, control, and governance processes. 

Code of Ethics 


Principles 

Internal auditors are expected to apply and uphold the following principles: 

1. Integrity 

The integrity of internal auditors establishes trust and provides the basis for reliance on their 
judgment. 

2. Objectivity 

Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and 
communicating information about the activity or process being examined. Internal auditors 
make a balanced assessment of all the relevant circumstances and are not unduly influenced by 
their own interests or by others in forming judgments 

3. Confidentiality 

Internal auditors respect the value and ownership of information they receive and do not disclose 
information without appropriate authority unless there is a legal or professional obligation to do 
so. 


4. Competency 

Internal auditors apply the knowledge, skills, and experience needed in the performance of 
internal audit services. 

Rules of Conduct 

1. Integrity 
Internal auditors: 

1.1. Shall perform their work with honesty, diligence, and responsibility. 

1.2. Shall observe the law and make disclosures expected by the law and the profession. 

1.3. Shall not knowingly be party to any illegal activity, or engage in acts that are 
discreditable to the profession of internal auditing or to the organization. 

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization. 


Revised 4/22/14 


6 



2. Objectivity 
Internal auditors: 

2.1. Shall not participate in any activity or relationship that may impair or be presumed to 
impair their unbiased assessment. This participation includes those activities or relationships 
that may be in conflict with the interests of the organization. 

2.2. Shall not accept anything that may impair or be presumed to impair their professional 
judgment. 

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the 
reporting of activities under review. 

3. Confidentiality 
Internal auditors: 

3.1 Shall be prudent in the use and protection of information acquired in the course of their 
duties. 

3.2. Shall not use information for any personal gain or in any manner that would be contrary 
to the law or detrimental to the legitimate and ethical objectives of the organization. 

4. Competency 
Internal auditors: 

4.1 Shall engage only in those services for which they have the necessary knowledge, skills, 
and experience. 

4.2. Shall perform internal audit services in accordance with the International Standards for 
the Professional Practice of Internal Auditing contained within the International Professional 
Practice Framework (IPPF) or Generally Accepted Government Auditing Standards 
(GAGAS) from the United States General Accounting Office (GAO), as applicable. 

4.3. Shall continually improve their proficiency and the effectiveness and quality of their 
services. 
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